WordPress Backup & Migration Security Vulnerabilities

cvelist

CVE-2021-46978 KVM: nVMX: Always make an attempt to map eVMCS after migration

In the Linux kernel, the following vulnerability has been resolved: KVM: nVMX: Always make an attempt to map eVMCS after migration When enlightened VMCS is in use and nested state is migrated with vmx_get_nested_state()/vmx_set_nested_state() KVM can't map evmcs page right away: evmcs gpa is not...

8.5 AI Score

0.0004 EPSS

2024-02-28 08:13 AM
redhatcve

CVE-2021-46957

In the Linux kernel, the following vulnerability has been resolved: riscv/kprobe: fix kernel panic when invoking sys_read traced by kprobe The execution of sys_read end up hitting a BUG_ON() in __find_get_block after installing kprobe at sys_read, the BUG message like the following: [ 65.708663]...

6.4 AI Score

0.0004 EPSS

2024-02-28 03:39 AM
ubuntucve

CVE-2021-47007

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix panic during f2fs_resize_fs() f2fs_resize_fs() hangs in below callstack with testcase: - mkfs 16GB image & mount image - dd 8GB fileA - dd 8GB fileB - sync - rm fileA - sync - resize filesystem to 8GB kernel BUG at...

6.4 AI Score

0.0004 EPSS

2024-02-28 12:00 AM
wpvulndb

WPvivid Backup for MainWP < 0.9.33 - Reflected Cross-Site Scripting

Description The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 0.9.32 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

6.1 CVSS

6.5 AI Score

0.0004 EPSS

2024-02-28 12:00 AM
ubuntucve

CVE-2021-46978

In the Linux kernel, the following vulnerability has been resolved: KVM: nVMX: Always make an attempt to map eVMCS after migration When enlightened VMCS is in use and nested state is migrated with vmx_get_nested_state()/vmx_set_nested_state() KVM can't map evmcs page right away: evmcs gpa is not...

6.5 AI Score

0.0004 EPSS

2024-02-28 12:00 AM
veeam

Veeam Backup for AWS Private Network Deployment Automation

This article provides information about Veeam Backup for AWS support for private deployment mode. It will explain how to use the attached script to configure network settings for buckets (used as repositories) and workers (used for...

6.8 AI Score

2024-02-28 12:00 AM
debiancve

CVE-2021-46957

In the Linux kernel, the following vulnerability has been resolved: riscv/kprobe: fix kernel panic when invoking sys_read traced by kprobe The execution of sys_read end up hitting a BUG_ON() in __find_get_block after installing kprobe at sys_read, the BUG message like the following: [ ...

6.6 AI Score

0.0004 EPSS

2024-02-27 07:04 PM
cve

CVE-2021-46957

In the Linux kernel, the following vulnerability has been resolved: riscv/kprobe: fix kernel panic when invoking sys_read traced by kprobe The execution of sys_read end up hitting a BUG_ON() in __find_get_block after installing kprobe at sys_read, the BUG message like the following: [ 65.708663]...

6.4 AI Score

0.0004 EPSS

2024-02-27 07:04 PM
nvd

CVE-2021-46957

In the Linux kernel, the following vulnerability has been resolved: riscv/kprobe: fix kernel panic when invoking sys_read traced by kprobe The execution of sys_read end up hitting a BUG_ON() in __find_get_block after installing kprobe at sys_read, the BUG message like the following: [ 65.708663]...

6.3 AI Score

0.0004 EPSS

2024-02-27 07:04 PM
prion

Spoofing

In the Linux kernel, the following vulnerability has been resolved: riscv/kprobe: fix kernel panic when invoking sys_read traced by kprobe The execution of sys_read end up hitting a BUG_ON() in __find_get_block after installing kprobe at sys_read, the BUG message like the following: [ 65.708663]...

7 AI Score

0.0004 EPSS

2024-02-27 07:04 PM
cvelist

CVE-2021-46957 riscv/kprobe: fix kernel panic when invoking sys_read traced by kprobe

In the Linux kernel, the following vulnerability has been resolved: riscv/kprobe: fix kernel panic when invoking sys_read traced by kprobe The execution of sys_read end up hitting a BUG_ON() in __find_get_block after installing kprobe at sys_read, the BUG message like the following: [ 65.708663]...

6.6 AI Score

0.0004 EPSS

2024-02-27 06:46 PM
vulnrichment

CVE-2021-46957 riscv/kprobe: fix kernel panic when invoking sys_read traced by kprobe

In the Linux kernel, the following vulnerability has been resolved: riscv/kprobe: fix kernel panic when invoking sys_read traced by kprobe The execution of sys_read end up hitting a BUG_ON() in __find_get_block after installing kprobe at sys_read, the BUG message like the following: [ 65.708663]...

6.7 AI Score

0.0004 EPSS

2024-02-27 06:46 PM
talosblog

TimbreStealer campaign targets Mexican users with financial lures

Cisco Talos has discovered a new campaign operated by a threat actor distributing a previously unknown malware we're calling "TimbreStealer." This threat actor was observed distributing TimbreStealer via a spam campaign using Mexican tax-related themes starting in at least November 2023. The...

7.8 AI Score

2024-02-27 01:00 PM
nvd

CVE-2023-7165

The JetBackup WordPress plugin before 2.0.9.9 doesn't use index files to prevent public directory listing of sensitive directories in certain configurations, which allows malicious actors to leak backup...

6.2 AI Score

0.0004 EPSS

2024-02-27 09:15 AM
cve

CVE-2023-7165

The JetBackup WordPress plugin before 2.0.9.9 doesn't use index files to prevent public directory listing of sensitive directories in certain configurations, which allows malicious actors to leak backup...

9.1 AI Score

0.0004 EPSS

2024-02-27 09:15 AM
prion

Information disclosure

The JetBackup WordPress plugin before 2.0.9.9 doesn't use index files to prevent public directory listing of sensitive directories in certain configurations, which allows malicious actors to leak backup...

6.8 AI Score

0.0004 EPSS

2024-02-27 09:15 AM
cvelist

CVE-2023-7165 JetBackup < 2.0.9.9 - Directory Listing Exposing Backups

The JetBackup WordPress plugin before 2.0.9.9 doesn't use index files to prevent public directory listing of sensitive directories in certain configurations, which allows malicious actors to leak backup...

6.4 AI Score

0.0004 EPSS

2024-02-27 08:30 AM
ubuntucve

CVE-2021-46957

In the Linux kernel, the following vulnerability has been resolved: riscv/kprobe: fix kernel panic when invoking sys_read traced by kprobe The execution of sys_read end up hitting a BUG_ON() in __find_get_block after installing kprobe at sys_read, the BUG message like the following: [ 65.708663]...

6.5 AI Score

0.0004 EPSS

2024-02-27 12:00 AM
nvd

CVE-2023-5775

The BackWPup plugin for WordPress is vulnerable to Plaintext Storage of Backup Destination Password in all versions up to, and including, 4.0.2. This is due to the plugin improperly storing backup destination passwords in plaintext. This makes it possible for authenticated attackers, with...

2.2 CVSS

3.6 AI Score

0.0004 EPSS

2024-02-26 04:27 PM
cve

CVE-2023-5775

The BackWPup plugin for WordPress is vulnerable to Plaintext Storage of Backup Destination Password in all versions up to, and including, 4.0.2. This is due to the plugin improperly storing backup destination passwords in plaintext. This makes it possible for authenticated attackers, with...

2.2 CVSS

4.9 AI Score

0.0004 EPSS

2024-02-26 04:27 PM
prion

Default credentials

The BackWPup plugin for WordPress is vulnerable to Plaintext Storage of Backup Destination Password in all versions up to, and including, 4.0.2. This is due to the plugin improperly storing backup destination passwords in plaintext. This makes it possible for authenticated attackers, with...

2.2 CVSS

7.2 AI Score

0.0004 EPSS

2024-02-26 04:27 PM
nessus

GLSA-202402-32 : btrbk: Remote Code Execution

The remote host is affected by the vulnerability described in GLSA-202402-32 (btrbk: Remote Code Execution) Btrbk before 0.31.2 allows command execution because of the mishandling of remote hosts filtering SSH commands using ssh_filter_btrbk.sh in authorized_keys. (CVE-2021-38173) Note that...

9.8 CVSS

7.8 AI Score

0.004 EPSS

2024-02-26 12:00 AM
virtuozzo

Virtuozzo Hybrid Infrastructure 6.0 Update 1 Hotfix 2 (6.0.1-88)

This update provides stability improvements. Vulnerability id: VSTOR-80869 Snapshot creation for volumes stored on external NFS may fail under certain circumstances. Vulnerability id: VSTOR-81489 Some requests to the S3 service may fail with the 504 HTTP error. Vulnerability id: VSTOR-81846 Fixed.....

7 AI Score

2024-02-26 12:00 AM
gentoo

btrbk: Remote Code Execution

Background btrbk is a backup tool for btrfs subvolumes, taking advantage of btrfs specific capabilities to create atomic snapshots and transfer them incrementally to your backup locations. Description A vulnerability has been discovered in btrbk. Please review the CVE identifier referenced below...

9.8 CVSS

7.2 AI Score

0.004 EPSS

2024-02-26 12:00 AM
githubexploit

Exploit for CVE-2024-1346

CVE-2024-1346 Weak MySQL database root password in...

6.8 CVSS

7.1 AI Score

0.0004 EPSS

2024-02-25 11:51 AM
cvelist

CVE-2023-5775

The BackWPup plugin for WordPress is vulnerable to Plaintext Storage of Backup Destination Password in all versions up to, and including, 4.0.2. This is due to the plugin improperly storing backup destination passwords in plaintext. This makes it possible for authenticated attackers, with...

2.2 CVSS

4.1 AI Score

0.0004 EPSS

2024-02-24 08:38 AM
nvd

CVE-2024-22988

An issue in zkteco zkbio WDMS v.8.0.5 allows an attacker to execute arbitrary code via the /files/backup/...

7.5 AI Score

0.0004 EPSS

2024-02-23 11:15 PM
cve

CVE-2024-22988

An issue in zkteco zkbio WDMS v.8.0.5 allows an attacker to execute arbitrary code via the /files/backup/...

7.7 AI Score

0.0004 EPSS

2024-02-23 11:15 PM
prion

Design/Logic Flaw

An issue in zkteco zkbio WDMS v.8.0.5 allows an attacker to execute arbitrary code via the /files/backup/...

8.3 AI Score

0.0004 EPSS

2024-02-23 11:15 PM
ibm

Security Bulletin: AIX is vulnerable to arbitrary command execution due to Perl (CVE-2024-25021, CVE-2023-47038, CVE-2023-47100)

Summary Vulnerabilities in AIX's Perl could allow an attacker to execute arbitrary commands (CVE-2024-25021, CVE-2023-47038, CVE-2023-47100) AIX uses Perl in various operating system components. Vulnerability Details CVEID: CVE-2024-25021 DESCRIPTION: IBM AIX's Perl implementation could...

9.8 CVSS

8.2 AI Score

0.001 EPSS

2024-02-23 05:00 PM
nvd

CVE-2023-52453

In the Linux kernel, the following vulnerability has been resolved: hisi_acc_vfio_pci: Update migration data pointer correctly on saving/resume When the optional PRE_COPY support was added to speed up the device compatibility check, it failed to update the saving/resuming data pointers based on...

7.2 AI Score

0.0004 EPSS

2024-02-23 03:15 PM
debiancve

CVE-2023-52453

In the Linux kernel, the following vulnerability has been resolved: hisi_acc_vfio_pci: Update migration data pointer correctly on saving/resume When the optional PRE_COPY support was added to speed up the device compatibility check, it failed to update the saving/resuming data pointers based on...

6.8 AI Score

0.0004 EPSS

2024-02-23 03:15 PM
cve

CVE-2023-52453

In the Linux kernel, the following vulnerability has been resolved: hisi_acc_vfio_pci: Update migration data pointer correctly on saving/resume When the optional PRE_COPY support was added to speed up the device compatibility check, it failed to update the saving/resuming data pointers based on...

6.2 AI Score

0.0004 EPSS

2024-02-23 03:15 PM
prion

Spoofing

In the Linux kernel, the following vulnerability has been resolved: hisi_acc_vfio_pci: Update migration data pointer correctly on saving/resume When the optional PRE_COPY support was added to speed up the device compatibility check, it failed to update the saving/resuming data pointers based on...

7.3 AI Score

0.0004 EPSS

2024-02-23 03:15 PM
cvelist

CVE-2023-52453 hisi_acc_vfio_pci: Update migration data pointer correctly on saving/resume

In the Linux kernel, the following vulnerability has been resolved: hisi_acc_vfio_pci: Update migration data pointer correctly on saving/resume When the optional PRE_COPY support was added to speed up the device compatibility check, it failed to update the saving/resuming data pointers based on...

7.5 AI Score

0.0004 EPSS

2024-02-23 02:46 PM
vulnrichment

CVE-2023-52453 hisi_acc_vfio_pci: Update migration data pointer correctly on saving/resume

In the Linux kernel, the following vulnerability has been resolved: hisi_acc_vfio_pci: Update migration data pointer correctly on saving/resume When the optional PRE_COPY support was added to speed up the device compatibility check, it failed to update the saving/resuming data pointers based on...

6.7 AI Score

0.0004 EPSS

2024-02-23 02:46 PM
cvelist

CVE-2024-22988

An issue in zkteco zkbio WDMS v.8.0.5 allows an attacker to execute arbitrary code via the /files/backup/...

7.7 AI Score

0.0004 EPSS

2024-02-23 12:00 AM
freebsd

gitea -- Fix XSS vulnerabilities

Problem Description: The Wiki page did not sanitize author name; the reviewer name on a "dismiss review" comment is also affected; the migration page has some...

7.3 AI Score

2024-02-23 12:00 AM
ubuntucve

CVE-2023-52453

In the Linux kernel, the following vulnerability has been resolved: hisi_acc_vfio_pci: Update migration data pointer correctly on saving/resume When the optional PRE_COPY support was added to speed up the device compatibility check, it failed to update the saving/resuming data pointers based on...

6.5 AI Score

0.0004 EPSS

2024-02-23 12:00 AM
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (February 12, 2024 to February 18, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 78 vulnerabilities disclosed in 63...

10 CVSS

9.2 AI Score

0.001 EPSS

2024-02-22 02:19 PM
cnvd

Dell PowerProtect Data Manager Operating System Command Injection Vulnerability

Dell PowerProtect Data Manager (PPDM) is a set of data protection solutions from Dell (USA). The product supports features such as data backup, virtual machine backup and database protection. An operating system command injection vulnerability exists in Dell PowerProtect Data Manager version 19.15....

7.2 CVSS

7.3 AI Score

0.001 EPSS

2024-02-22 12:00 AM
openvas

Fedora: Security Advisory for rear (FEDORA-2024-49ddbf447d)

The remote host is missing an update for...

5.5 CVSS

5.7 AI Score

0.0004 EPSS

2024-02-22 12:00 AM
cnvd

Dell PowerProtect Data Manager Authorization Issues Vulnerability (CNVD-2024-09644)

Dell PowerProtect Data Manager (PPDM) is a set of data protection solutions from Dell (USA). The product supports features such as data backup, virtual machine backup and database protection. An authorization issue vulnerability exists in Dell PowerProtect Data Manager version 19.15 and earlier,...

8.8 CVSS

7 AI Score

0.001 EPSS

2024-02-22 12:00 AM
aix

AIX is vulnerable to arbitrary command execution due to Perl (CVE-2024-25021 CVE-2023-47038 CVE-2023-47100)

IBM SECURITY ADVISORY First Issued: Wed Feb 21 15:59:59 CST 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/perl_advisory8.asc Security Bulletin: AIX is vulnerable to arbitrary command execution due to Perl (CVE-2024-25021,...

9.8 CVSS

8.1 AI Score

0.001 EPSS

2024-02-21 03:59 PM
redhat

(RHSA-2024:0934) Important: Red Hat Virtualization security and bug fix update

Security fixes: * ovirt: authentication bypass (CVE-2024-0822) Bug fixes: * During the storage domain import, the engine will fail to find OVF_STORE if there is also a ConnectStoragePoolVDSCommand request...

7.2 AI Score

0.001 EPSS

2024-02-21 09:05 AM
fedora

[SECURITY] Fedora 38 Update: rear-2.7-8.fc38

Relax-and-Recover is the leading Open Source disaster recovery and system migration solution. It comprises a modular framework and ready-to-go workflows for many common situations to produce a bootable image and restore from backup using this image. As a benefit, it allows to restore to...

5.5 CVSS

5.5 AI Score

0.0004 EPSS

2024-02-21 01:39 AM
fedora

[SECURITY] Fedora 39 Update: rear-2.7-8.fc39

Relax-and-Recover is the leading Open Source disaster recovery and system migration solution. It comprises a modular framework and ready-to-go workflows for many common situations to produce a bootable image and restore from backup using this image. As a benefit, it allows to restore to...

5.5 CVSS

5.5 AI Score

0.0004 EPSS

2024-02-21 01:33 AM
github

ASA-2024-003: Missing `BlockedAddressed` Validation in Vesting Module

ASA-2024-003: Missing BlockedAddressed Validation in Vesting Module Component: Cosmos SDK Criticality: Low Affected Versions: Cosmos SDK versions <= 0.50.3; <= 0.47.8 Affected Users: Chain developers, Validator and Node operators Impact: Denial of Service Description A vulnerability was ident...

6.5 AI Score

2024-02-21 12:12 AM
osv

ASA-2024-003: Missing `BlockedAddressed` Validation in Vesting Module

ASA-2024-003: Missing BlockedAddressed Validation in Vesting Module Component: Cosmos SDK Criticality: Low Affected Versions: Cosmos SDK versions <= 0.50.3; <= 0.47.8 Affected Users: Chain developers, Validator and Node operators Impact: Denial of Service Description A vulnerability was ident...

6.5 AI Score

2024-02-21 12:12 AM
nessus

RHEL 8 : Red Hat Virtualization (RHSA-2024:0934)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0934 advisory. Security fixes: * ovirt: authentication bypass (CVE-2024-0822) Bug fixes: * During the storage domain import, the engine will fail to find...

7.5 CVSS

7.8 AI Score

0.001 EPSS

2024-02-21 12:00 AM

Total number of security vulnerabilities: 21169